Hi,

On Apr 22, 2014 2:53 AM, Junio C Hamano <gitster@xxxxxxxxx> wrote:
>
> Richard Hansen <rhansen@xxxxxxx> writes:
>
> > Both bash and zsh subject the value of PS1 to parameter expansion,
> > command substitution, and arithmetic expansion. Rather than include
> > the raw, unescaped branch name in PS1 when running in two- or
> > three-argument mode, construct PS1 to reference a variable that holds
> > the branch name. Because the shells do not recursively expand, this
> > avoids arbitrary code execution by specially-crafted branch names such
> > as '$(IFS=_;cmd=sudo_rm_-rf_/;$cmd)'.
> >
> > Signed-off-by: Richard Hansen <rhansen@xxxxxxx>
>
> I'd like to see this patch eyeballed by those who have been involved
> in the script (shortlog and blame tells me they are SZEDER and
> Simon, CC'ed), so that we can hopefully merge it by the time -rc1 is
> tagged.

I think this is a sensible thing to do. However, for now I can only
check the patch on my phone, hence I can't say any more (e.g. acked or
reviewed by) than that, unfortunately.

> > + # not needed anymore; keep user's
> > + # environment clean
> > + unset __git_ps1_upstream_name
> > + fi

We already have a lot of stuff in the user's environment beginning with
__git, so I don't think the unset is necessary.

Best,
Gábor
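
Review bot: in the quoted hunk, `unset __git_ps1_upstream_name` sits before the closing `fi`, so the cleanup runs only when that conditional is taken. The comment explains why the variable is removed but not why the removal is limited to this path; either say in the comment that the variable is only assigned on this path, or move the `unset` after `fi` so both paths leave the environment in the same state.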
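
The single-pass expansion the commit message relies on, shown as an added example (not part of the original message or the patch). An unquoted here-document stands in for the shell's expansion of PS1; `expand_once`, `render_raw`, `render_ref`, `demo_branch_name` and the benign `$(canary)` branch name are constructed for illustration.

```shell
#!/bin/sh
# Added demonstration; not code from the patch. All names are hypothetical.
CANARY_FILE=$(mktemp)
trap 'rm -f "$CANARY_FILE"' EXIT

# Benign stand-in for an injected command: records that it was executed.
canary() { echo hit >>"$CANARY_FILE"; }
canary_hits() { wc -l <"$CANARY_FILE" | tr -d ' '; }
reset_canary() { : >"$CANARY_FILE"; }

# Simulate the single pass of parameter expansion, command substitution and
# arithmetic expansion applied to PS1 (assumption: an unquoted here-document
# body receives the same three expansions, also exactly once).
expand_once() {
    eval "cat <<__PS1_EOF__
$1
__PS1_EOF__
"
}

# Before: the raw branch name becomes part of the prompt text itself,
# so anything expandable inside it is evaluated.
render_raw() {
    expand_once "($1)"
}

# After: the prompt text only names a variable; the branch name is data
# and the result of expanding the variable is not expanded again.
render_ref() {
    demo_branch_name=$1
    expand_once '(${demo_branch_name})'
}

# Constructed, benign branch name.
branch='$(canary)'

reset_canary
printf 'raw: %s hits=%s\n' "$(render_raw "$branch")" "$(canary_hits)"
reset_canary
printf 'ref: %s hits=%s\n' "$(render_ref "$branch")" "$(canary_hits)"
```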